From f57daa0a59a0058a4b3be1bbdf1577b59d7d697a Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Wed, 26 Jan 2011 11:36:10 +0100
Subject: [PATCH] Fix XSS problem, regression in the 3.4 branch. Dev releases until -beta2 are vulnerable. Thanks to Aung Khant from YGN Ethical Hacker Group (http://yehg.net/) for reporting this issue.
---
libraries/header.inc.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/header.inc.php b/libraries/header.inc.php
index 6ce37b82b..dee9b1532 100644
--- a/libraries/header.inc.php
+++ b/libraries/header.inc.php
@@ -121,7 +121,7 @@ if (!$GLOBALS['is_ajax_request']) {
 printf($item,
 $GLOBALS['cfg']['DefaultTabDatabase'],
 PMA_generate_common_url($GLOBALS['db']),
- $GLOBALS['db'],
+ htmlspecialchars($GLOBALS['db']),
 __('Database'),
 's_tbl.png');
 // if the table is being dropped, $_REQUEST['purge'] is set
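Review bot: The new `htmlspecialchars($GLOBALS['db'])` argument relies on the function's defaults, and on PHP versions of this era the default flag is `ENT_COMPAT`, which leaves single quotes unescaped. Whether that is enough depends on where the `$item` format string places its third argument, and `$item` is defined outside the hunk. If the name can ever land inside an attribute value, `htmlspecialchars($GLOBALS['db'], ENT_QUOTES, 'UTF-8'),` is the safer form. The trailing comment suggests a table-name item follows, also outside the hunk, so that call and any other `printf($item, ...)` call should be checked for the same escaping. A one-line comment above the argument, such as `// request-derived name: escape for HTML output`, would help keep this regression from coming back.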